# NixOS module: a dedicated Redis instance for rspamd that is reachable only
# through its unix socket. Access for the rspamd user is granted with POSIX
# ACL entries applied after Redis has started.
{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.mailsystem;
  redisServer = config.services.redis.servers.rspamd;
  rspamdUser = config.services.rspamd.user;

  setfacl = "${pkgs.acl.bin}/bin/setfacl";
  socketPath = redisServer.unixSocket;
  socketDir = builtins.dirOf socketPath;

  # Post-start hook. Grants the rspamd user:
  #   - "x" on the socket directory (traverse only, no listing), and
  #   - "rw" on the socket itself (what connecting to it requires).
  # NOTE(review): the script does not enable errexit, so only the exit status
  # of the last setfacl reaches systemd; a failure of the first call would go
  # unnoticed by the unit.
  grantSocketAccess = pkgs.writeShellScript "redis-rspamd-postStart" ''
    ${setfacl} -m "u:${rspamdUser}:x" "${socketDir}"
    ${setfacl} -m "u:${rspamdUser}:rw" "${socketPath}"
  '';
in {
  config = lib.mkIf cfg.enable {
    services.redis.servers.rspamd = {
      enable = true;
      # Don't accept connections via tcp
      port = 0;
      # Socket mode 600: owner-only. Any other account (here: rspamd) can
      # reach the socket only through the ACL entries added post-start.
      unixSocketPerm = 600;
    };

    # TODO: Run commands as service user instead of as root?
    # The leading "+" is systemd's prefix for running this one command with
    # full privileges, outside the unit's User= and sandboxing settings.
    # NOTE(review): the socket owner can normally edit ACLs on its own files,
    # so the prefix may be unnecessary; confirm against the unit's hardening
    # options before dropping it.
    systemd.services.redis-rspamd.serviceConfig.ExecStartPost = "+${grantSocketAccess}";
  };
}